This project has some routes that I donĀ“t want to be available in production for users.
One of them is to disable the site ( /deactivate ), and the other is to put the site back up and running ( /activate ).
However, what is intended is to have the possibility of having the site down for all users except those who have a special development cookie, to keep the site navigable for only these users. This is used by developers and product owners since they, during a rollout, intend to see the site before opening it to the public.
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cookie;
class CheckAllowedVisibilityMaintenance
{
public function handle(Request $request, Closure $next)
{
// Check if the application is in maintenance mode
if (app()->isDownForMaintenance())
{
// Checks if allowed
if ($this->isAllowed())
{
return $next($request);
}
// Returns a custom response to indicate that the application is under maintenance
$message = 'The application is undergoing maintenance!';
return response()->view('maintenance', ['message' => $message], 503);
}
return $next($request);
}
private function isAllowed(): bool
{
// Check if is allowed
$conditionalFlag = env('APP_ROUTE_COOKIE_FLAG');
return ($conditionalFlag && Cookie::has($conditionalFlag));
}
}
<?php
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array<int, class-string|string>
*/
protected $middleware = [
\App\Http\Middleware\TrustProxies::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\CheckAllowedVisibilityMaintenance::class, <--- ADDED HERE ####
];
/**
* The application's route middleware groups.
*
* @var array<string, array<int, class-string|string>>
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\Illuminate\Routing\Middleware\ThrottleRequests::class,
],
'api' => [
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
];
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* @var array<string, class-string|string>
*/
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
];
}
@if(app()->isDownForMaintenance())
<div class="maintenance-mode">
<p>The application is currently under maintenance! <br /> Is only visible for you and all the other users have the application under maintenance mode page.</p>
</div>
@endif
Route::get('/deactivate',
[
MaintenanceController::class, 'deactivate'
]
)->name('deactivate');
Route::get('/activate',
[
MaintenanceController::class, 'activate'
]
)->name('activate');